| Age | Commit message (Collapse) | Author |
|---|
|
|
|
ghostscript: add output `fonts`
|
|
|
|
|
|
|
|
|
|
|
|
on Darwin (#263833)
|
|
|
|
|
|
..into staging-next. This is a topologically earlier re-merge,
as it seems fairly important security fix and not that huge rebuild.
|
|
Minor update to counter CVE-2023-36664
Closes #243250
|
|
|
|
|
|
|
|
|
|
|
|
Validated as no change in `out`, `man`, `doc` outputs with diffoscope on
`ghostscript` expression.
|
|
|
|
The following error occurs when using `imagemagickBig`:
$ ./result/bin/identify sample.jp2
[1] 699089 IOT instruction (core dumped) ./result/bin/identify sample.jp2
When looking at the call-trace it seems as if certain symbols, e.g.
`opj_malloc` are mixed up:
#8 0x00007f78c79ad2f5 in MagickSignalHandler.cold () from /nix/store/bqy80qiw6czqh7vsmmmivwdswp9zzjgl-imagemagick-7.1.0-29/lib/libMagickCore-7.Q16HDRI.so.10
#9 <signal handler called>
#10 0x00007f78c5a6095f in opj_malloc () from /nix/store/wg6ly83k1k1fjiygiv1jr7li3p6dwsvq-ghostscript-with-X-9.55.0/lib/libgs.so.9
#11 0x00007f78c5a60981 in opj_calloc () from /nix/store/wg6ly83k1k1fjiygiv1jr7li3p6dwsvq-ghostscript-with-X-9.55.0/lib/libgs.so.9
#12 0x00007f78c4f48e24 in opj_create_decompress () from /nix/store/qwalb0kjz1p9c4j48qkk6ql47ds2lnhh-openjpeg-2.4.0/lib/libopenjp2.so.7
The `opj_create_decompress()` is called from the `openjpeg`-integration
of `imagemagick` and thus shouldn't affect `ghostscript` at all.
However, `ghostscript` (`libgs.so` to be precise) also exposes e.g.
`opj_malloc`:
$ objdump -t /nix/store/wg6ly83k1k1fjiygiv1jr7li3p6dwsvq-ghostscript-with-X-9.55.0/lib/libgs.so.9.55|grep opj_malloc
0000000000205940 g F .text 000000000000002b opj_malloc
Because of that, two incompatible symbols are used in the same process
and thus the `identify`-call breaks because the wrong one is used. To
work around that I decided to use the system-wide openjpeg instead.
I'm not sure why `libgs.so` wants to expose these symbols anyways, but
with that workaround the problem is solved.
Even though it's mentioned that ghostscript's openjpeg is heavily
patched, I think that this is somewhat outdated or at least irrelevant
considering that both ArchLinux[1] and Fedora[2] use the system-wide
`openjpeg` instead.
[1] https://github.com/archlinux/svntogit-packages/blob/bafcb5473b59d5386dd110d1cb249372dce9ea6c/trunk/PKGBUILD#L50
[2] https://src.fedoraproject.org/rpms/ghostscript/blob/e4eec13ab6ace2bad64b740d352964bbf61d1aa7/f/ghostscript.spec#_245
|
|
|
|
leaving new tesseract support disabled for now
|
|
Conflicts:
pkgs/development/tools/parsing/flex/2.6.1.nix
|
|
|
|
|
|
zlib has to be in nativeBuildInputs too because its run during the
build, i think.
|
|
|
|
this simply attempts rendering every ps/eps/pdf file in the ghostscript
test corpus
|
|
ghostscript: disable checkPhase, expand installCheckPhase
|
|
upon closer inspection, `make check` does little except rebuild
everything with some different options. ghostscript has a python-based
test suite, but it looks like an unmaintained disaster zone.
so the best we can probably do for now is ensure we can render all the
provided examples.
|
|
|
|
|
|
Dynamic library name on Darwin contains only 'maj.min' eg "9.53";
the build however used $version to set rpath;
this broke on 2029ca37 when $version went from "9.52" to "9.53.3".
Add a call to 'gs' in installCheckPhase,
to break the build if dylib issues arise in the future.
Signed-off-by: Sirio Balmelli <sirio@b-ad.ch>
Co-authored-by: Dmitry Kalinkin <dmitry.kalinkin@gmail.com>
|
|
* Do not use pkgconfig alias.
* Move version & hash inline.
|
|
https://www.ghostscript.com/doc/9.53.3/News.htm
|
|
|
|
This hack is no longer necessary, since multiple-outputs.sh has been
fixed to install docs in the right location.
|
|
https://www.ghostscript.com/doc/9.51/News.htm
https://www.ghostscript.com/doc/9.52/News.htm
|
|
The build process of ghostscript has missing dependencies, causing
failures in parallel builds (see hydra build
https://hydra.nixos.org/build/117095669/, reported as ghostscript bug
https://bugs.ghostscript.com/show_bug.cgi?id=702364 here)
|
|
|
|
|
|
|
|
|
|
CVE-2019-14813 and most of CVE-2019-14817
the latter's patch is only partially applied because it doesn't apply
cleanly to 9.27, still the fixes that do apply work and are better than
nothing
|
|
|
|
|
|
|
|
This is tagged as version 9.26a in the ghostpdl repo, but unfortunately
there are no tarballs released with that version number so far. We'll
continue calling this version 9.26 for now for simplicity's sake (and we
can switch to 9.26a and remove the patch when it's properly released).
Fixes #58262
Fixes #58089
|
|
GS ships with a fork of lcms2 ("lcms2mt"), but the ABI separation
between the fork and the original seems insufficient. If libgs is linked
alongside liblcms2 (for example, this is the case with imagemagick) then
it will call into the original library instead of the fork, causing
segfaults.
Follow the example of both Arch and Debian in this regard -- they both
use the systemwide lib instead of the fork.
|
|
|
